installldownload.com

Conduit Ltd.  (via a Proxy Registrant)

Domain Information

The domain installldownload.com is registered by proxy through GODADDY.COM, LLC and was originally registered in May of 2013. This domain has been known to host and distribute potentially unwanted software. The hosting servers are located in Salt Lake City, Utah, United States, on the ThePlanet.com Internet Services, Inc. network. The domain is associated with the publisher Conduit Ltd., which is located in Ness Ziona, Israel.
Registrar:
GODADDY.COM, LLC

Server location:
Utah, United States (US)

Create date:
Thursday, May 02, 2013

Expires date:
Monday, May 02, 2016

Updated date:
Tuesday, June 16, 2015

ASN:
AS36351 SOFTLAYER - SoftLayer Technologies Inc.

Scanner detections:
Detections  (92% detected)

| Scan engine | Details | Detections |
| --- | --- | --- |
| Reason Heuristics | PUP.ClientConnect.AA, PUP.Conduit.Installer, PUP.Conduit.O, PUP.4327.Conduit.T, PUP.4506.Conduit.U, PUP.49019.Conduit, PUP.Bundler.Perion.Conduit, PUP.49019.Bundler.Conduit, PUP.Conduit.Bundler (M), PUP.Conduit.ClientConnect.Installer (M), PUP.Perion.Bundler.Conduit (M), PUP.Perion.Bundler (M) | 82.98% |
| Dr.Web | Adware.Conduit.27, Adware.Conduit.87, Adware.Conduit.3, Trojan.Damaged.1, Threat.Undefined, Adware.Conduit.6, Adware.Conduit.82 | 65.96% |
| VIPRE Antivirus | Conduit, Threat.4786236 | 51.06% |
| Malwarebytes | PUP.Optional.Conduit, PUP.Optional.Conduit.A | 46.81% |
| ESET NOD32 | Win32/Wajam (variant), Win32/Toolbar.Conduit.AE, Win32/Toolbar.Conduit.AE (variant), Win32/Toolbar.Conduit.AJ potentially unwanted (variant) | 46.81% |
| Trend Micro House Call | TROJ_GEN.F47V0304, TROJ_GEN.F47V0310, TROJ_GEN.F47V0320, TROJ_GEN.F47V0331, TROJ_GEN.F47V0402, TROJ_GEN.F47V0408, TROJ_GEN.F47V0410 | 40.43% |
| McAfee | Artemis!742E3821243C, Artemis!22948D346B91, Artemis!18FDE51E6D0E, Artemis!3D871E8C2F76, Artemis!7EB4B2665433, Artemis!D7D6097E19E7, Artemis!E8108E88B679, Artemis!AFBB9E4BEC37, Artemis!386FC5D90BC3, Artemis!6ED93E384D8C | 23.40% |
| McAfee Web Gateway | Artemis!742E3821243C, Artemis!22948D346B91, Artemis!18FDE51E6D0E, Artemis!3D871E8C2F76, Artemis!7EB4B2665433, Artemis!D7D6097E19E7 | 21.28% |
| avast! | Win32:Adware-BRM [PUP], Win32:GenMaliciousA-CDH [PUP] | 21.28% |
| Fortinet FortiGate | Riskware/Toolbar_Conduit | 19.15% |
| AVG | Generic, Potentially harmful program Toolbar.Conduit | 19.15% |
| Baidu Antivirus | Adware.Win32.Conduit | 17.02% |
| Kaspersky | not-a-virus:WebToolbar.Win32.Agent | 12.77% |
| ESET NOD32 | Win32/Toolbar.Conduit.AJ potentially unwanted application, Win32/ClientConnect.A potentially unwanted application, Win32/Toolbar.Conduit.AE potentially unwanted application | 12.77% |
| Avira AntiVirus | Adware/Wajam.F, TR/Trash.Gen | 10.64% |

The domain installldownload.com has been seen to resolve to the following 3 IP addresses.

April 10, 2016

January 4, 2016

184.173.249.252-static.reverse.softlayer.com
January 16, 2014

File downloads found at URLs served by installldownload.com.

1 / 68      (Adware)
http://installldownload.com/.../downloadsp3.php  (installconverter_tsa34h519.exe)

5 / 68      (PUP)
http://installldownload.com/.../downloadsp.php  (installconverter_tsv44tzus.exe)

8 / 68      (PUP)

1 / 68      (PUP)
http://installldownload.com/.../download2.php  (installl_converter_a.exe)

The following 5 files have been seen to communicate with installldownload.com in live environments.

URL:
http://installldownload.com/

Title:
“installldownload.com”

Web server:
Apache

Facebook:
Likes:  40
Shares:  550
Comments:  3

Statistics above are for the previous month of March 2017.